Insights on the Enhancements in Novell Open Enterprise Server 2 SP3
Written by Ken Baker
The upcoming release of Novell Open Enterprise Server 2 SP3 is all about greater simplicity, manageability, performance and reliability. To get a behind-the-scenes perspective on how the product’s new services and features deliver these benefits, Novell Connection talked with Haripriya S., a Distinguished Engineer at Novell, and Glen Davis, Novell Product Manager.
Enterprise-Ready Domain Services
According to Haripriya, some of the most exciting aspects of Novell Open Enterprise Server 2 SP3 come from the enhancements in Domain Services for Windows that make it more enterprise-ready and easier to roll out to existing eDirectory deployments. In the past you had to create a partition in your directory tree for each Active Directory (AD) domain. This meant that only the users within that partition could belong to that AD domain.
This configuration and management hurdle made it difficult for some mixed environments to take advantage of the benefits that Domain Services for Windows delivers. With the release of Novell Open Enterprise Server 2 SP3, that hurdle has been removed. (See Figure 1.) Now the AD domains provided by Domain Services for Windows can span multiple partitions, allowing users anywhere in your eDirectory tree to use the AD authentication that it provides.
“In the past, you could not combine multiple partitions into a single domain,” Haripriya says. “SP3 lets you start a domain at any partition root in the tree and include other partitions within that tree as well. This makes it much easier for enterprises to map their Domain Services for Windows domains to a normal AD domain directory. It also makes it easier to map traditional eDirectory trees into more of a domain design, which allows you to maintain consistent domain mapping when you have sites across multiple countries or domains.”
Davis indicates that Novell Open Enterprise Server 2 SP3 also adds a number of other enhancements that make Domain Services for Windows easier for enterprises to deploy. The first of these is the removal of the old requirement to have a master replica of the root of the tree. A second enhancement is that your AD domain name no longer needs to be the same as the name of your eDirectory container. Your domain hierarchy can also now be different from your eDirectory hierarchy. Additionally, Domain Services for Windows has the ability to add a second DNS server to your AD domain controller. This provides you with a level of fault tolerance, so if one DNS server goes down you have another one to back it up. And finally, Windows 2008 Member server support has been added to Domain Services for Windows.
File Service Improvements
Novell Open Enterprise Server 2 SP3 delivers a number of new file service improvements, especially in the area of enhanced CIFS support. One of these is support for NTLM version 2 in CIFS, which gives you a more secure way to authenticate. “The NTLM 2 support simplifies administration efforts since it’s the default security mechanism for both Windows Vista and Windows 7,” Haripriya says. “Now that Novell Open Enterprise Server matches that default security, you don’t have to make any changes on your clients to let users take advantage of the native Windows access in CIFS.”
As an additional security enhancement, Novell Open Enterprise Server 2 SP3 supports Novell Modular Authentication Services (NMAS) in CIFS on the server side. So instead of retrieving a password from eDirectory to authenticate, CIFS trusts eDirectory to validate the user using NMAS in a secure fashion.
In terms of simplifying the administration of CIFS users, top-level LDAP context sub-tree search has been added to Novell Open Enterprise Server 2 SP3. This allows CIFS to search for users in the entire base context. To enable it, you first enter novcifs -y yes at the command line and then add the base context through the iManager CIFS plug-in.
Novell Open Enterprise Server 2 SP3 also delivers CIFS support for Windows 7 “offline folders” connecting to a Novell Open Enterprise Server file share. This shows Novell’s commitment to interoperating with Microsoft desktop features.
But the biggest enhancement in the CIFS area is support for Dynamic Storage Technology on Novell Storage Services (NSS) volumes. In the past you had to use the NCP client to take advantage of Dynamic Storage Technology’s ability to dynamically allocate and optimize your storage resources on Novell Open Enterprise Server. (See Figure 2.) Now your users can just use their native Windows CIFS client. To leverage this capability, you need to install NSS when you install your CIFS server and Dynamic Storage Technology.
In the area of other file service improvements, you can now have multiple instances of FTP running on a server. This is particularly beneficial for cluster environments where a user might have an FTP share on one cluster resource and an additional FTP share on a second cluster resource. With Open Enterprise Server 2 SP3, if one of those cluster resources happens to fail over to the other cluster resource, there won’t be a problem with those different FTP instances running on the same server.
Another FTP improvement is that you have greater flexibility in configuring users’ default home directories. Previously, an FTP session defaulted to the user’s personal Linux home directory. Now the FTP Server can ignore the individual’s home directory and take everyone to a common location instead.
Easier Management, Enhanced Security
Davis reports that one of the most popular features among beta users of Novell Open Enterprise Server 2 SP3 has been the consolidation of proxy users. Previously, you had to have a different proxy user for every service you installed on your server. So, you would have a different proxy user for AFP, CIFS, DHCP, and so on. Sometimes you would end up with several of these different proxy users per tree, which could make management quite difficult. With consolidation, all of your services will authenticate through a single proxy user per server, greatly simplifying administration.
In addition to the consolidation of the proxy service users, Novell Open Enterprise Server now automatically manages the passwords for those proxy users. This can provide significant administration relief, especially if your organization has policies that require users’ passwords to change at specified intervals. According to your policies, Novell Open Enterprise Server can automatically generate new passwords for these service-level proxy users as needed, so you no longer have to worry about them.
Another management enhancement deals with the Service Location Protocol (SLP), which has been improved in this release to give you a greater level of persistence. The basis of SLP is that it allows you to easily see what services are available on your network, such as eDirectory mappings and the different servers running various services. You might have thousands of different services registered by SLP, but since that information had simply been stored in memory in the past, if your server went down all those registrations would be lost until after a potentially long process of discovery and re-registration. Until that re-registration occurred, you might encounter problems with some services not being able to perform proper service look-ups.
In addition to storing that registration information in memory, Novell Open Enterprise Server 2 SP3 stores all that service information in a backup file. As a result, if a server has to be re-started, it can simply look in the backup file to pull all that service registration information into memory, giving it greater persistence. (See Figure 3.)
In addition to storing the service registration information in a backup file, SLP also now allows for directory agent synchronization. “The directory agent synchronization in SLP lets the different directory agents communicate with each other,” Haripriya says. “So, on a server restart it has all the information to ensure you get a consistent view of available services, including service information that may be found across routers and WAN links.”
To simplify administration even further, a number of other new features have been added to Novell Open Enterprise Server 2 SP3. One of these is the ability to view leases from the centralized Java Console administration tool. This release also provides a central location to find all your log files to simplify troubleshooting efforts.
Auditing enhancements on NSS volumes have been added as well. While Novell Open Enterprise Server 2 SP2 added auditing support for NSS files, this release delivers greater auditing granularity. “In addition to being able to see what users have accessed certain files, you can now see the IP addresses of the workstations from which they were accessed,” says Haripriya. “This ability to track based on IP addresses gives you an extra layer of security.”
Another management improvement comes from new file reader updates in QuickFinder. To begin, it now supports additional Microsoft Office formats. In OpenOffice.org files, support for unknown field names has been added. In HTML files, entity reference handling has been improved, including the ability to handle entity references within metatags. Support for more ASCII encoding has been added, such as UTF8, Unicode, big-endian, and little-endian. QuickFinder can now also detect greater variations of text in PDF files in Adobe 6, 7, and 8, including a variety of unusual fonts, external CMAP files and support for compressed files.
Additionally, the ability to back up and restore encrypted and unencrypted iFolder folders has been added to Novell Open Enterprise Server 2 SP3, as well as the ability to upgrade a slave to a master. This capability can simplify the deployment of iFolder by enabling a pilot server to be configured as a slave server, and then once the testing is completed, allowing it to be moved to production and upgraded into a master.
To make it easier to set up your cluster resources, cluster resource mutual exclusions have been added to Novell Open Enterprise Server 2 SP3. Resource mutual exclusions let you specify that certain cluster groups can never run on the same server node. For example, if you have Novell GroupWise and Novell iFolder running in one cluster resource group and Novell iPrint in another, you can easily avoid potential service conflicts by specifying that these different groups can never end up on the same cluster node as a result of a failover.
While keeping these cluster resources separate was possible in the past, it was cumbersome and overly complicated to set up and manage. To set up a resource mutual exclusion group in Novell Open Enterprise Server 2 SP3, you simply browse in Novell iManager to the cluster object you want to manage, click Properties, select the RME Groups tab, and then mark the resources you don’t want to run on the same cluster node from the list of available cluster resources.
Performance and Reliability
In addition to simplified management and enhanced security, Novell Open Enterprise Server 2 SP3 delivers greater performance in a number of areas. The overall performance of NSS has been improved. According to beta customers, AFP performance now rivals the performance you’d get from a Mac server. Even Linux User Management features significant performance increases, including faster eDirectory lookups, greater reliability and the avoidance of assignment conflicts with the selection of Unix Config Objects during the enablement of Linux User Management. But the new enhancements and features don’t end there. To learn more about other new features and how you can take advantage of the performance, reliability, security and simplified management improvements in Novell Open Enterprise Server 2 SP3, visit www.novell.com/documentation/oes2/oes_readme/data/readme.html#readme.